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ABSTRACT 


A system and method for providing telephony communica- 
tion through a packet switched data network such as the 
Internet and an organization having telephone and computer 
terminals connected to a local area network. Selectable 
security is provided for the telephony applications through 
the use of an access gateway between the local area network 
and the packet switched data network operating in conjunc- 
tion with an intelligent control network in a public switched 
telephone network. The access gateway includes storage and 
a processor for storing security data and running selectable 
applications based on pre-conditions established for the 
telephone terminals. Information is obtained from a party 
seeking to connect to a telephone terminal connected lo the 
local area network both by dialing and by voice prompt and 
voice recognition dialog. 
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SECURE LAN/INTERNET TELEPHONY 

FIELD OF THE INTVENTION 

The present invention relates to telephony over a public 
packet switched data network such as the Internet to and 
from a multi-site industrial/business establishment having a 
local area network linking the sites and serving as a link to 
the public packet switched data network through a localized 
gateway system. 
Acronyms 

The written description uses a large number of acronyms 
to refer to various services and system components. 
Although generally known, use of several of these acronyms 
is not strictly standardized in the art. For purposes of this 
discussion, acronyms therefore will be defined as follows; 


ADPCM 

Adaptive Differential Pulse Code Modulation 

ARPA 

Advanced Research Projects Agency 

ARPANET 

Advanced Research Projects Agency NETwoik 

AS 

Autonomoxis Systeins 

ATM 

Asynchronous Transfer Mode 

CDMA 

Code Division Multiple Access 

CO 

Central OfEce 

CODEC 

digital CODer and DECoder 

CPU 

Central Processing Unit 

CREN 

Corporation for Research and Educational 


Ne two rlcing 

DHCP 

Dynamic Host Configuration Protocol 

DID 

Direct Inward Dialing 

DNS 

Domain Name Server 

DTMF 

Dual Tone Multi- Frequency 

FDDI 

Fiber Distributed Data Interface 

GAG 

Government Accounting OflSce 

IP 

Internet Protocol 

ISDN 

Integrated Services Digital Network 

ISP 

Internet Service Provider 

LAN 

Local Area Network 

MAC 

Media Access Control 

MILNET 

Military NEIVork 

NSFNFT 

National Science Foundation NETWort 

PC 

Personal Computer 

PABX 

Private Automatic Branch Exchange 

PBX 

Private Branch Exchange 

POTS 

Plain Old Telephone Service 

PPP 

Point to Point Protocol 

PRI 

Primary Rate Interface (for ISDN) 

PSTN 

Public Switched Telephone Network 

RAM 

Random Access Memory 

ROM 

Read Only Memory 

TCP 

Transmission Control Protocol 

SONET 

Synchronous Optical NETwork 

SMDS 

Switched Megabit n>ata Service 

SMDI 

Simplified Message Desk Interface 

Tl 

Digital TYansmission Link with 1.544 Mbps 


Capacity (24 voice channels) 

T3 

Digital TVansmission Link with 44.73 Mbps 


Capacity (672 voice channels) 

TDMA 

Time Division Multiple Access 

X.25 

Protocol Providing Direct Connection to a 


Packet Switched Network 


BACKGROUND ART 

Attention recently has been directed to implementing a 
variety of communication services, including voice tele- 
phone service, over the worldwide packet switched data 
network now commonly known as the Internet. The Internet 
had its genesis in U.S. Government programs funded by the 
Advanced Research Projects Agency (ARPA). That research 
made possible national interaetworkcd data communication 
systems. This work resulted in the development of network 
standards as well as a set of conventions, known as 
protocols, for interconnecting data networks and routing 
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information across the networks. These protocols are com- 
monly refened to as TCP/IP (transmission control protocol/ 
internet protocol). The TCP/IP protocols were originally 
developed for use only through ARPANET but have subse- 

5 quenlly become widely used in the industry. TCP/IP is 
flexible and robust. TCP takes care of the integrity, and IP 
moves the data. 

The Internet provides two broad types of services: con- 
nectionless packet delivery service and reliable stream trans- 

10 port service. The Internet basically comprises several large 
computer networks joined together over high-speed data 
hnks ranging from ISDN to Tl, T3, FDDI, SONET, SMDS, 
ATM, OTl, etc. The most prominent of these national nets 
are MILNET (MiUtary Network), NSFNET (National Sd- 

15 ence Foundation NETWork), and CREN (Corporation for 
Research and Educational Networking). In 1995, the Gov- 
ernment Accounting OfBce (GAG) reported that the Internet 
linked 59,000 networks, 2.2 million computers and 15 
million users in 92 countries. However, since then it is 

20 estimated that the number of Internet users continues to 
double approximately annually. 

In simplified fashion the Internet may be viewed as a 
series of packet data switches or * routers' connected together 
with computers connected to the routers. The information 
providers constitute the end systems which collect and 
market the information through their own servers. Access 
providers are companies such as UUNET, PSI, MCI and 
SPRINT which transport the information. Such companies 
market the usage of their networks to the actual end users. 

FIG. 9 shows a simplified diagram of the Internet 349 and 
various types of systems typically connected thereto. Gen- 
erally speiking the Internet consists of Autonomous Systems 
(AS) type packet data networks which may be owned and 
operated by Internet Service Providers (ISPs) such as PSI, 
UUNET, MCI, SPRINT, etc. Three such AS/ISP networks 
appear in FIG. 9 at 310, 312 and 314. The Autonomous 
Systems (ASs) are linked by high bandwidth Inter-AS 
Connections 311, 313 and 315. Information providers 316 
and 318, such as America Online (AOL) and Compuserve, 
connect to the Internet via high speed lines 320 and 322, 
such as Tl/TS and the like. Information providers generally 
do not have their own Internet based Autonomoiis Systems 
but have or use Dial-Up Networks such as SprintNet (X.25), 
DATAPAC and TYMNET. 

45 

In some cases, the information provider 316 or 318 
operates a host server or network of servers that their 
customers access by dial-up connection. If a customer wants 
information over and above that offered by the provider, the 
50 host server provides a tunnel connection through to the high 
speed link and the Internet 349. Other parties may connect 
into the network 349 at some other point and access infor- 
mation ofi'ered by provider 316 or 318 through the network 
349. 

55 By way of current illustration, MCI is both an ISP and an 
information provider, SPRINT is an ISP, and the MicroSoft 
Network is an information provider using UUNET as its ISP. 
Other information providers, such as universities, are indi- 
cated in exemplary fashion at 324 and are connected to the 

60 AS/ISPs via the same type connections here illustrated as Tl 
lines 326. Parties access information on servers of providers 
324 via the Internet 349. Corporate Local Area Networks 
(LANs), such as those illustrated in 328 and 330, are 
connected through routers 332 and 334 and high speed data 

65 links such as Tl lines 336 and 338. Laptop computers 340 
and 342 are representative of various personal computers 
and the like connected to the Internet via the public switched 
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telephone network (PSTN) and are shown connected to the 
AS/ISPs via dial up links 344 and 346. 

Recently, several companies have developed software for 
use on personal computers to permit two-way transfer of 
real- time voice information via an Internet data link between 
two personal computers, for example between PCs 340 and 
342. In one of the directions, the sending computer converts 
voice signals from analog to digital formal. The software 
facilitates data compression down to a rate compatible with 
modem communication via a POTS telephone line, in some 
cases as low as 2.4 kbits/s. The software also facilitates 
encapsulation of the digitized and compressed voice data 
into the TCP/IP protocol, with appropriate addressing to 
permit communication via the Internet 349. At the receiving 
end, the computer and software reverse the process to 
recover the analog voice information for presentation to the 
other parly. These programs permit telephone-like commu- 
nication between Internet users. 

PCs having voice communication capabilities can con- 
duct two-way, real-time audio communications with each 
other, in a manner directly analogous to a two-way telephone 
conversation. However, the actual signals exchanged 
between two such terminal devices go through the public 
packet data network. Typically, such communications at 
least bypass long distance interexchange carriers, 

Internet based telephone programs have relied on servers 
(not separately shown) coupled to the Internet to establish 
voice communication links through the networks. Each 
person active on the network, who is wiDing to accept a 
voice call, must register with a server. A caUing party can 
call only those persons registered on the voice communica- 
tion server. 

Subsequent new developments have provided systems 
which are capable of avoiding such registration problems. 
The common assignee's copending White and Farris apph- 
cation Ser. No. 08/670,908, attorney docket number 680- 
184, filed Jun. 26, 1996, entitled Internet Telephone service, 
describes such a system and is incorporated by reference 
herein in its entirety. In that system Public switched tele- 
phone networks utilizing program controlled switching sys- 
tems are arranged in an architecture with the Internet to 
provide a methodology for facilitating telephone use of the 
Internet by individual customers on an impromptu basis. 
Provision is made to permit a caller to set-up and carry out 
a telephone call over the Internet from telephone station to 
telephone station without access to computer equipment, 
without the necessity of maintaining a subscription to any 
Internet service, and without the requiring Internet literacy 
or knowledge. Calls may be made on an inter or intra LATA, 
region or state, nationwide or worldwide basis. Billing may 
be implemented on a per call, timed, time and distance or 
other basis. Usage may be made of common channel inter- 
office signaling to set up the call and establish the necessary 
Internet connections and addressing. Calls may be made 
from telephone station to telephone station, from telephone 
station to computer or computer to telephone station. 

The foregoing approach to Internet telephony is predomi- 
nantly but not exclusively addressed to individual to indi- 
vidual communications. From a corporate or business stand- 
point the Internet is currently used principally for E-mail and 
data communication, the latter use providing a convenient 
mode of exchanging large data files. At the same time voice 
communication over corporate LANs and interconnection 
thereof by wide area networks (WANs) are known. 

U.S. Pat. No. 4,866,704 to Larry A. Bergman, issued Sep. 
12, 1989, entitled Fiber Optic Voice/Data Network, 
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describes an asynchronous, high-speed, fiber optic local area 
network originally developed under a NASA contract for 
tactical environments. The network supports ordinary data 
packet traffic simultaneously with synchronous Tl voice 

S trafSc over a common token ring channel. A voice interface 
module parses, buffers, and re-synchronizes the voice data to 
the packet network employing elastic buffers on both the 
sending and receiving ends. Voice call setup and switching 
functions are performed external to the network with ordi- 

10 nary PABX equipment. Clock information is passed across 
network boimdaries in a token passing ring by preceding the 
token with an idle period of non-transmission which allows 
the token to be used to re-establish a clock synchronized to 
the data. Provision is made to monitor and compensate the 

IS elastic receiving buffers so as to prevent them from over- 
flowing or going empty. 

U.S. Pat. No. 5,453,987 to Hai V. Tran, issued Sep. 26, 

1995, entitled Random Access Protocol for Multi-media 
Networks, describes a method for randomly accessing a 

20 multi-media communications network defined by a common 
signal path and a plurality of voice and data terminals 
coupled to the common signal path for communication 
thereon. The method includes a first step of providing a 
plurality of sequential time slots for transmission of a 

25 plurality of information packets, each of the information 
packets having a length equal to a length of a representative 
one of the plurality of time slots. Next, each of the time slots 
is provided with an access field, an address control field and 
an information field. The access field of each of the plurality 

30 of time slots is next monitored for identifying a null time slot 
that is (1) in non-communication with any of the voice or 
data terminals, or (2) reserved for a voice terminal in a 
silence period. The next step of the method is to transmit a 
preamble to an access field of the identified null time slot. 

35 That transmission step is followed by the step of monitoring 
the transmission of the preamble for collisions between 
terminals competing for the identified null time slot. If no 
collision is detected, address data and information bits are 
transmitted in the respective fields of the identified null time 

40 slot and a respective time slot in subsequent data frames. If 
a collision is detected, then the method returns to the step of 
monitoring the access field of each of a plurality of time slots 
for identifying another null time slot, and then repeating the 
steps which are subsequent thereto. 

45 U.S. Pat. No. 5,524,110 to Danneels, et al., issued Jun. 4, 

1996, entitled Conferencing Over Multiple Transports, 
describes computer based audio/video conferencing in con- 
junction with data conferencing in a windowed environment 
The system provides real-time audio, video, and data con- 

50 ferencing between PC systems operating in non-real time 
windowed environments over two or more different trans- 
ports. 

The following listed patents also deal with varying 
aspects of the same technology: U.S. Pat No. 4,663,758, 

55 issued May 5, 1987, U.S. Pat. No. 5,506,834, issued Apr. 9, 
1996, U.S. Pat. No. 5,410,754, issued Apr. 25, 1995, U.S. 
Pat. No. 5,430,730, issued Jul. 4, 1995, and U.S. Pat. No. 
5,375,068, issued Dec. 20, 1994. 
There is a need for a system to provide to corporate and 

^0 other large sized business organizations a convenient access 
to Internet telephony communication, while at the same time 
providing a reasonable degree of effective security along 
with convenience of access and administration. 

65 DISCLOSURE OF THE INVENTION 

It is a primary object of this invention to satisfy the 
aforestated needs. 


05/14/2004, EAST Version: 1.4.1 


us 6,2: 

5 

In one preferred embodiment the invention meets those 
needs by providing a novel arrangement of a localized 
security and address administration telephony gateway to 
the Internet for an industrial complex that comprises mul- 
tiple oflBce or plant sites linked by a conventional local area 
network or LAN. By way of illustration this may be an 
Ethernet LAN. Each site has work station computers con- 
nected to the LAN for data communications and has con- 
ventional PBX or PABX telephone service to work stations 
and telephone stations. 

In this first embodiment, intra-company telephone service 
is provided via the multi-site PBX network which are linked 
by a public switched telephone network (PSTN). This net- 
work also provides a telephone link to the global commu- 
nity. 

In addition to this conventional telephone service there is 
also provided an alternative Internet service to the same 
telephone stations. Through this Internet service it is pos- 
sible to communicate with the global community without 
using the PSTN, at least in that portion of the communica- 
tion link extending from the company telephone stations to 
the distal side of the Internet. If the remote party to the 
communication has a non-PSTN link to the Internet, all 
PSTNs may be by-passed. In this first arrangement the 
company telephone stations or terminals connect to the PBX 
and via the PBX to the company LAN. In this context the 
terms PBX and PABX are used interchangeably. The LAN 
is connected to a localized security and address administra- 
tion telephony gateway and from there to the Internet 
through an Internet router. The localized access and security 
gateway provides the desired security. 

It will be recognized that 'security' is a relative term. A 
secure network does not exist; nor does a secure computer. 
The Trusted Computing Standards Evaluation Criteria (also 
known as the Orange Book), established by the United 
States Department of Defense, concludes that one cannot 
simply say that a computer is secure or not secure. Instead, 
it indicates that different levels of security can be assigned 
to "grade*' the security of an operating system. According to 
that grading system four different levels of security are 
represented by letters ranging from A to D. Within each level 
of security, a number can be used to subdivide the level 
further, as in Al, A2, and so on. 

Security, inherently, makes it harder to enter a system by 
providing additional locks that users must pass. 
Unfortunately, legitimate users must pass those locks as 
well. Every security measure installed creates more work for 
someone. The TCP/IP protocol represents a security risk 
simply because it enables remote users to access files and 
data on machines other than their own. Aside from that, it 
offers a number of features designed to make using the 
protocol easier for users. Unfortunately, some of these open 
additional security loopholes. 

The present invention addresses those problems using 
multiple approaches basically relying on address adminis- 
tration and segmentation, with a goal of providing what is 
considered to be reasonable security for the intended pur- 
pose. The basic building block in the inventive approach 
uses in conjunction with the network architecture a localized 
access and security gateway which has bridge and router 
capabilities. As such it has the ability to perform filtering 
functions. 

One element of security which is relied upon is a hard- 
ware address filler table. This address filter may be applied 
to either or both incoming or outgoing addresses. Where it 
is desired that no one outside of a particular segment of the 
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business network can access a server in that segment, the 
hardware address of that server may be included in the filter 
table. Where it is desired that outside access be denied to 
specific work stations or telephones, those hardware 

5 addresses may be included in the filter table. Filtering may 
occur at various levels of addressing. Thus servers or 
individual stations may not only be identified in hardware 
address tables, but also in IP and/or LAN protocol address 
tables. Also, if it is desired to limit certain workstations 

10 within the business network from accessing resources out- 
side their local segments, the hardware addresses of those 
work stations may be included in a filter table. It is intended 
that multiple layers of inclusion and/or exclusion tables may 
be utilized. 

^5 It is an important feature of the invention that the physical 
or MAC addresses as well as the IP addresses of the btisiness 
network telephone terminals be maintained confidential, 
except to the extent that authorized employees or personnel 
see fit to provide that information to outsiders. 

A further layer of security may be provided by utilizing 
the ability of the bridge/router to filter frames by protocols. 
The bridge/router may be programmed to pass only the 
specific telephony protocol packets and block other packets. 
In this manner outsiders are blocked from using the tele- 
phony entry for the purpose of unauthorized access to 
internal data resources. As a still further safeguard, the 
gateway may be provided with the abUity to compare the 
identity of the calling outside station to a table of allowed 
stations before passing the call on for further processing. In 
this manner specific callers or classes of callers may be 
blocked by the gateway. 

Another aspect of the inventive solution to the defined 
problem is the assignment of internal telephone station 
addresses in conjunction with one or more translation tables 
in the gateway to provide the desired degree of security. 
According to this feature, the internal telephone stations to 
which access is permitted via Internet telephony, are listed 
in the translation tables under numbers not comporting with 
existing hardware or IP addresses. In one preferred instance 
this may comprise an address or preferably a telephone 
number for the locahzed access and security gateway, in 
addition to an address which may be based on the internal 
company extension number for the specific telephone ter- 
minal. The terminal may not be reached via the Internet for 
telephony communication in a direct manner using any 
single address. The terminal may be reached for such a 
purpose only by first reaching the centralized access gate- 
way and providing to that gateway designated additional 
information. The receipt of this information will result in the 
gateway using its translation and filter tables in a novel 
manner to effect a connection to the telephone station. In this 
first example that connection would be via a LAN interface 
to a PBX. 

55 According to a second example or embodiment, digital 
telephone terminals may be utilized and connected directly 
to the LAN. Using that arrangement the PBXs may be 
eliminated. The LAN is connected via one or more LAN 
interfaces to wire line carrier (Tl, T2, T3) links and thence 

50 to one or more switching systems in the PSTN. The LAN 
interfaces include a LAN media access control (LAN-MAC) 
and physical interface, a LAN transmission control protocol 
and Internet control stack, a protocol converter, a connection 
controller and signal transform subsystem, and a wire line 

65 carrier interface. 

Additional objects, advantages and novel features of the 
invention will be set forth in part in the description which 
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follows, and in part will become apparent to those skilled in 
the art upon examination of the following, or may be learned 
by practice of the invention. The objects and advantages of 
the invention may be realized and attained by means of the 
instrumentalities and combinations particularly pointed out s 
in the appended claims. 

HGURES OF DRAWINGS 

no. 1 is a high level block diagram showing the rela- 
tionship of a localized security and address administration 
gateway connected to a LAN linked plurality of sites to 
provide to those sites access to a global telephony link via 
the public data network known as the Internet in accord with 
one embodiment of the invention. 

FIG. 2 shows in simplified block diagram form a depic- 
tion of a typical switched telephone network having an 
Advanced Intelligent Network (AIN) common channel 
interofiSce signaling system (CCIS). 

FIG. 3 is a block diagram of a program controlled switch 
of the type which may be used in the switched telephone 
network of FIG. 2. 

FIG. 4 illustrates one embodiment of an Intelligent 
Peripheral (IP) platform that may be used in the switched 
telephone network of RG. 2. 25 

FIG. 5 illustrates another embodiment of an Intelligent 
Peripheral (IP) platform that may be used in the switched 
telephone network of FIG. 2. 

FIG. 6 is a simplified block diagram of a preferred 
embodiment of access and security gateway to provide 30 
public packet switched data network, such as the Internet, 
telephony service to the business establishment shown in 
FIG. 1. 

FIG. 7 is a simplified illustration of an example of one 
possible organization of software for the address server or 
address and security gateway illustrated in FIG. 6. 

FIG. 8 is a high level block diagram showing another 
embodiment of a localized security and address administra- 
tion gateway connected to a LAN linked plurality of sites to 
provide to those sites access to a global telephony link via 
the public data network known as the Internet. 

FIG. 9 is a functional block diagram illustration of the 
public packet data network known as the Internet. 

BEST MODE FOR CARRYING OUT THE 
INVENTION 

Referring to FIG. 1 there is shown a high level block 
diagram showing the relationship of a localized security 
gateway connected to a LAN linked plurality of sites to 50 
provide to those sites access to a global telephony link via 
the public data network known as the Internet, according to 
one embodiment of the invention. 

There is shown at 10 two sites A and B of a business 
establishment which may have additional sites which arc not 55 
shown. The sites A and B may be relatively contiguous or 
may be remote, as in different states. Each site is provided 
with conventional telephone service by a PSTN 12. The two 
sites are shown connected to the PSTN via lines or trunks 14 
and 16 which connect to central oflSces (COs) 18 and 20. In eo 
the drawing the COs 18 and 20 are shown as end ofiBces 
which serve individual subscriber telephones 22A, B, and C, 
and 24A, B, and C. The COs are of the type having service 
switching point (SSP) capability as is presently further 
explained. 65 

The PSTN 12 is preferably of the type having an 
Advanced Intelligent Network (AIN) control system. A 
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public telecommunications network of that type is shown in 
FIG. 2. The network shown in FIG. 2 is similar to that shown 
in U.S. Pal. No. 5,247,571 to Kay et al., the disclosure of 
which is incorporated in its entirety by reference. The 
program -controlled nodes or switching systems are some- 
times referred to as "AIN nodes" or "AIN elements''. The 
telephone network of FIG. 2 includes a switched irafiBc 
network and a common channel signaling network used to 
carry control signaling and the like between nodes of the 
switched traffic network. 

The network of FIG. 2 includes a number of end office 
switching systems 110, also referred to as service switching 
points (SSPs) for reasons discussed later herein. The end 
oflfice switching systems llOA and HOB provide connec- 
tions to and from local communication lines (local loops) 
coupled to end users terminals or equipment. 

The end offices 110 are typically connected into a local 
exchange carrier (LEC) network, typically including one or 
more tandem switching offices 112 providing trunk connec- 
tions between end offices. As such, the local exchange 
carrier network comprises a series of switching offices 110 
interconnected by voice grade trunks 114. As known in the 
art, one or more trunks will typically connect one or more 
switching offices to at least one switch in other carrier 
networks (not shown). 

Each switching office 110 has at least minimal SS7 
signahng capability, which is conventionally referred to as a 
signaling point (SP) in reference to the SS7 network. In the 
local exchange network, at least one of the switching offices 
110, and preferably all, are programmed to recognize iden- 
tified events or points in call (PICs). In response to a PIC, the 
switching office 110 triggers a Transaction Capabilities 
Applications Protocol (TCAP) query message through the 
signaling network to an Integrated Service Control Point 
(ISCP) 120 for instructions relating to AIN type services. 
Switching offices having the full PIC recognition and sig- 
naling capabilities are referred to as service switching points 
(SSPs). 

The ISCP 120 offers AIN routing control functionalities to 
customers of the local exchange carrier. For example, the 
ISCP includes an SCP database 122 containing customer 
profile records (CPRs) for controlling call processing in 
response to respective triggers. The ISCP 120 may also 
access a separate database, for example, to supplement its 
routing tables for certain services. In the preferred system, a 
second function of the ISCP is to serve as a mediation point. 
Specifically, the ISCP 120 mediates queries and responses 
between the local exchange carrier network components and 
databases operated by other carriers. 

The ISCP 120 is an integrated system, and includes a 
Service Management System (SMS) 124, a Data and 
Reporting System (DRS) 126, and the database referred to 
as a Service Control Point (SCP) 122. The ISCP also 
typically includes a terminal subsystem referred to as a 
Service Creation Environment or SCE 128 for programming 
the database in the SCP for the services subscribed to by 
each individual business customer. The components of the 
ISCP are cormected by an internal, high-speed data network, 
such as a token ring network 130. 

The switches 110 typically comprise programmable digi- 
tal switches with common channel interoffice signaling 
(CCIS) communications capabilities. One example of such 
a switch is a 5ESS type switch manufactured by AT&T, 
although other vendors, such as Northern Telecom and 
Seimens, manufacture comparable digital switches which 
could serve as the SSPs and SPs. The SSP type implemen- 
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tation of such switches differs from the SP type implemen- 
tation of such switches in that the SSP switch includes 
additional software to recognize the full set of AIN triggers 
and launch appropriate queries, 

FIG. 3 is a simplified block diagram of an electronic 
program controlled switch which may be used as any one of 
the SSP type COs in the system of FIG, 2. As illustrated, the 
CO switch includes a number of different types of modules. 
In particular, the illustrated switch includes interface mod- 
ules 451 (only two of which are shown), a communications 
module 453, and an administrative module 455. 

The interface modules 451 each include a number of 
interface units 0 to n. The interface units terminate lines 
from subscribers' stations, tmnks, Tl carrier facilities, etc. 
Where the interfaced circuit is analog, for example a sub- 
scriber loop, the interface unit will provide analog to digital 
conversion and digital to analog conversion. Alternatively, 
the lines or trunks may use digital protocols such as Tl or 
ISDN. Each interface module 451 also includes a digital 
service unit (not shown) which is used to generate call 
progress tones. 

Each interface module 451 includes, in addition to the 
noted interface units, a duplex microprocessor based module 
controller and a duplex time slot interchange, referred to as 
a TSI in the drawing. Digital words representative of voice 
information are transferred in two directions between inter- 
face units via the time slot interchange (intramodule call 
connections) or transmitted in two directions through the 
network control and timing links to the time multiplexed 
switch 457 and thence to another interface module 
(intermodule call connection). 

The communication module 453 includes the time mul- 
tiplexed switch 457 and a message switch 459, The time 
multiplexed switch 457 provides time division transfer of 
digital voice data packets between voice channels of the 
interface modules 451 and transfers data messages between 
the interface modules. The message switch 459 interfaces 
the administrative module 455 to the time multiplexed 
switch 457, so as to provide a route through the time 
multiplexed switch permitting two-way transfer of control 
related messages between the interface modules 451 and the 
administrative module 455. In addition, the message switch 
459 terminates special data links, for example a Unk for 
receiving a synchronization carrier used to maintain digital 
synchronism. 

The administrative module 455 includes an administrative 
module processor 461, which is a computer equipped with 
disc storage 463, for overall control of CO operations. The 
administrative module processor 461 communicates with 
the interface modules 451 through the communication mod- 
ule 455. The administrative module 455 also includes one or 
more input/output (I/O) processors 465 providing interfaces 
to terminal devices for technicians such as shown at 466 in 
the drawing and data links to operations systems for traffic, 
billing, maintenance data, etc. A CCIS terminal 473 and an 
associated data unit 471 provide a signaling link between the 
administrative module processor 461 and an SS7 network 
connection to an STP or the like (see FIG. 2), for facilitating 
call processing signal communications with other CO's and 
with the ISCP 440. 

As illustrated in FIG. 3, the administrative module 455 
also includes a call store 467 and a program store 469. 
Although shown as separate elements for convenience, these 
are typically implemented as memory elements within the 
computer serving as the administrative module processor 
461. For each call in progress, the call store 467 stores 
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translation information retrieved from disc storage 463 
together with routing information and any temporary infor- 
mation needed for processing the call. For example, for a 
switch based Cenlrex type service, the call store 467 would 
receive and store extension number translation information 
for the business customer corresponding to an off- hook line 
initiating a call. The program store 469 stores program 
instructions which direct operations of the computer serving 
as the administrative module processor. 

Referring to FIG. 2, within the local exchange network, 
the CCIS network includes one or more Signaling Transfer 
Points (STPs) 116 and data links shown as dotted lines 
between the STP 116 and the switching offices 110. 
Typically, STPs 116 are implemented as matching or mated 
pairs, to provide a high level of redundancy. A full descrip- 
tion of such paired STPs is found in Eugene M. Pester III 
U.S. Pat. No. 5,475,732, issued Dec. 12, 1995, cntided 
Common Channel Signaling Network Maintenance and 
Testing. A data link also connects each of the STPs of pair 
116 to the ISCP 120. One or more data links also connect the 
STPs 116 in the local exchange carrier network to mated 
pairs of STPs in networks of a second carrier (not shown). 

The local exchange carrier network may also include one 
or more intelligent peripherals (IPs) 118. The IP 118 pro- 
vides enhanced announcement, digit collection, speech 
recognition, and/or other capabihties as later described. The 
IP 118 connects to the switch 110 of the local exchange 
carrier network via an appropriate line circuit capable of 
carrying both voice and data. The IP 118 also communicates 
with the ISCP 120 through a data communication network 
132 separate from the telephone company switching offices 
and associated interoffice signaling network. The data com- 
munication network 132 is preferably a packet switched 
network that serves as a signaling network enabling com- 
munications between AIN elements including the IP and the 
ISCP. The network 132 transports messages using a stan- 
dardized traa^ort protocol, such as TCP/IP, or a generic 
data interface (GDI), and may be implemented using X.25, 
frame relay, SMDS, or ATM technologies. 

FIG. 4 illustrates a first, preferred embodiment f the IP 
used in the network of FIG. 2. In this implementation, the IP 
will consist of two or more general purpose computers 
UOIA, IIOIB, such as IBM RS-6000's. Each general pur- 
pose computer will include a digital voice processing card 
for sending and receiving speech and other audio frequency 
signals, such as an IBM D-talk 600. Each voice processing 
card will connect to a voice server card tl03A or 1103B 
which provides the actual interface to Tl or primary rate 
interface ISDN trunks to the SSP type switching office. The 
plurality of computers may have associated dedicated disk 
storage 1105A, 1105B, and the IP will included a shared disk 
memory 1107. Each computer will also include an interface 
card for providing two-way communications over an inter- 
nal data communications system, an Ethernet type local area 
network 1109. The Ethernet carries communications 
between the individual computers and between the comput- 
ers and a router which provides an interconnection to the 
second signaling communications network going to the 
ISCP. The IP may also include another general purpose 
computer 1115 configured as a terminal subsystem, for use 
as a maintenance and operations center (MOC) and provid- 
ing operations personnel access to the IP. The number of 
processors provided in the IP and the number of voice 
servers will depend on project service demands. One addi- 
tional processor and associated voice server will be provided 
as a backup. 

Each general purpose computer UOIA, 1101 B will run a 
node manager, an IP/ISCP Interface program, appropriate 
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voice processing software and a variety of application providing a calling customer's individual service. For 

software modules to offer the proposed services of the IP. example, if the subscriber has some form of speech recog- 

The central administrator or "Node Manager" program nition service, the call would be routed to the speech 

module, running on each computer, will monitor and control recognitioa module 1205. If the subscriber has a voice mail 
the various IP resources and operations. 5 service, however, the ISCP would instruct the SSP to route 

™,. . jj -.jiv the call to one of the lines going to one of the voice server 

Tlie digual voice processing card and associated software ^^^^^^^ ^ ^^^^ ^^^^^^^ ^ ^203B 

"^'^^ ^T^tT^""^ speech recogmtion capabili- ^^^^ ^^^^-^^ • ^^-^ ^^^^ ^^-^^ ^^-j 

ties and DTOF tone signal reoeptionjor use in a imm^^^ ^^^^^ 1209 for transmission to the caller. The module 

different apphcaUons. Tlic speech synthesis and DTMF tone i203A or 1203B would decode DTMF signals and supply 

signal reception, for example will replace the announcement lO ^ ^^^^^^ ^^^^ ^^-^^ ^^-j ^^^^^^ ^^^^^^ 

and digit collectioa functions of the SSP switches mvanous ^^^^ ^^^^^ ^203 A or 1203B would also format 

existing AIN services T^e general purpose computers and ^^coming voice messages for transmission over internal 

associated circuits will also run a vanety of other types of ^^^^^^^.j^ ^jlO and storage by server 1209. 

service program modules, for example a voice mail server According to one preferred embodiment of the invention 

module and/or a fax mail server module. 15 communicate with the ISCPusing a proprietary 

FIG. 5 illustrates an alternate embodiment of an IP which protocol +1129 developed for the project described in U.S. 
may be used in the network of FIG. 2. The alternate p^j 5,572,583, issued Nov. 5, 1996, to Wheeler and 
architecture utilizes separate modules for different types of p^^^ entitled Advanced Intelligent Network With IntelU- 
scrvices or functions, for example, one or two Direct Talk ^^^^ Peripherals Interfaced to the Integrated Services Con- 
type voice server modules 1203A, 1203B for interfacing the t^oj poj^t^ ^nd assigned to the assignee of the instant 
trunk to the SSP, a separate module 1205 for speech application, the IP will query ISCP in response to a call. As 
recognition, a server module 1209 for voice mail, and described in further detail, during a call a trigger 
another server 1207 for fax maH services, etc. The various ^vent occurs. The SSP thereupon queries the ISCP The ISCP 
modules communicate with one another via an data com- responds by instructing the SSP to route the call to the IP, 
munication system 1210, which again may be an Ethernet ^^^^^ standard TCAP protocol messages. Substantially 
type local area network. simultaneously the ISCP uses the +1129 protocol on the 

The Direct Talk modules 1203A, 1203B provide voice second signaling network to send to the IP, one or a sequence 

message transmission and dialed digit collection of instructions as to how to process the particular call which 

capabilities, as in the earlier embodiment. The modules is sent by the SSP. 

1203A, 1203B also provide line interfaces for communica- As an alternative or in addition to the +1129 protocol, 

tions to and from those servers which do not incorporate line communications between the IP and the ISCP may utilize 

interfaces. For example, for facsimile mail, the Direct Talk generic data interface (GDI). The GDI command set is 

module connected to a call would demodulate incoming data simpler and more generic, and the commands can carry more 

and convert the data to a digital format compatible with the data. Also, the ISCP can initiate communications using GDI. 

internal data communication network 1210. The data would xbis permits a wider variety of routing and processing 

then be transferred over network 1210 to the fax server routines. In response to a triggering event, the SSP would 

1207. For outgoing facsimUe transmission, the server 1207 again receive instructions to route a call in progress to the IP. 

would transfer the data to one of the Direct Talk modules However, rather than waiting for a subsequent query from 

over the network 1210. The Direct Talk module would the IP, while the SSP is routing the call the ISCP may instruct 

reformat and/or modulate the data as appropriate for trans- the IP to prepare to receive a call on a particular circuit and 

mission over the ISDN link to the SSP. The Direct Talk may forward additional call specific information. For 

modules provide a similar interface function for the other example, for a call which might require speech recognition 

servers, such as the voice mail server 1209. processing, the ISCP would instruct the IP to retrieve 
The illustrated IP also includes a communication server 45 appropriate recognition templates from memory. Other pro- 

1213. The communication server 1213 connects between the tocols could be used to permit either the ISCP or the IP to 

data communication system 1210 and the router 1211 which initiate communications. 

provides communications access to the second signaling Referring to FIG. 2, the end ofiBce switching system 110 

communication system and the ISCP 40 and other IPs which normally responds to a service request on a local commu- 
conncct to that signaling communication system. The com- 50 nication line connected thereto, for example an off-hook 

munication server 1213 controls communications between from station X followed by dialed digit information, to 

the modules within the IP and the second signaling com- selectively connect the requesting line to another selected 

munication system. local communication line, for example to the line to station 

In each of the proposed architectures, the SSP switch Z. The connection can be made locally through only the 
would route calls to the different elements of the IP in SS connected end ofiBcc switching system UOA but typically 

response to instructions from the ISCP In the initial imple- will go through a number of switching systems, 

mentation using general purpose computers, each of which In the normal call processing, the central oflSce switching 

offers all service functionalities, the decision to route to a system 110 responds to an off-hook and receives dialed 

particular one of the computers would be a resource digits from the calling station. The central office switching 
availability/allocation decision. If necessary data can be 60 system analyzes the received digits to determine if the call 

exchanged between the computers via the internal data is local or not. If the called station is local and the call can 

communications network, e.g., if a message for a particular be completed through the one central office (intraoffice call), 

subscriber's service is stored in the disc memory associated e.g., from calling station X to called station Z via the central 

with one computer but the other computer is actually pro- office llOA, the central office switching system connects the 
cessing the call. In the second implementation (FIG. 6), 65 calling station to the called station. If, however, the called 

however, the ISCP would instruct the SSP to route the call station is not local, e.g., from calling station Y to called 
to the particular line to the specific module capable of station Z, the call must be completed through one or more 
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distant central offices (interoffice call), and further process- various PCs or work stations include processors, memories, 

ing is necessary. If at this point the call were connected various disc drives, etc. Each of the PCs also includes a 

serially through the trunks and appropriate central ofiBces display or monitor, a keyboard, and possibly one or more 

between the caller and the called party using ia-band additional user input devices (not shown) such as a mouse, 
signaling, the trunks would be engaged before a determina- 5 joystick or track ball. Typically, the software running on the 

tion is made that the called line is available or busy. PCsincludesanoperatingsystem, such as Windows '95, and 

Particularly if the called line is busy, this would unneces- a series of compatible applications programs running under 

sarily tie up limited voice tmnk circuit capacity. The CCIS the operating system. The software preferably implements a 

system through the STPs was developed to alleviate this graphical user interface, including a user interface for com- 

problcm. munications through the pubUc packet data network or 

In the CCIS type call processing method, the originating Internet 48. 

end office switching system suspends the call and sends a The PCs or work stations are provided with access to the 

message through the CCIS network to the end office switch- Internet by an Internet access server 50 which may be 

ing system serving the destination telephone line. The ter- connected to an Internet router (not shown) via a Tl or 

minating end office determines whether or not the called higher capacity line 51. The server 50 may be equipped and 

station is busy. If the called station is busy, the terminating programmed to act as a firewall for the PC or work station 

end office so informs the originating end office via CCIS trafiSc. 

message, and the originating end office provides a busy The LAN 38 may use any appropriate local data commu- 

signal to the caUing station. If the called station is not busy, nication network technology. For example, the network may 

the terminating end office so informs the originating end be fiber or wire. The network 38 may be a local ATM 

office. The originating office provides ringback to the caller, (Asynchronous Transfer Mode) network or a token ring, etc. 

and the terminating office applies ringing current to the line The LAN also carries normal data communications between 

to the called party. When the telephone station connected to PCs such as 44 and 46 and any other data devices coupled 

the called line goes off-hook, the terminating switching to the LAN, such as the Internet 48. 
office informs the originating switching office, and the two ^ One or more of the PCs or work stations 44 and 46 may 

offices establish a telephone connection via the trunks and also have voice communication capabilities. Such PCs 

end offices (and/or tandem offices) of the network between would include a microphone and one or more speakers, 

the calUng and called stations. These PCs also include analog to digital and digital to analog 

For an AIN type service, such as call redirection based on converters, and the CPUs in such PCs run software for 
data stored in the IS CP 120, the end offices and/or tandems 3Q compression and decompression of digitized audio 
are SSP capable and detect one of a number of call process- (typically voice) information. The software also processes 
ing events, each identified as a "point in call" (PIC), to the audio information for transmission and reception of the 
trigger AIN type processing. Specifically, in response to compressed digital information in IP packets and using the 
such a PIC, a switching system such as switch HO suspends appropriate protocol, for communication with the respective 
call processing, compiles a call data message, also referred 35 access server, such as the access server 50 in FIG. 1. 
to as a TCAP query message, and forwards that message via pcs having voice communication capabilities can con- 
common channel interoffice signaling (CCIS) links and one (j^ct two-way, real-time audio communications with each 
or more STPs 116 to an ISCP 120, If needed, the ISCP 120 other, in a manner directly analogous to a two-way telephone 
can instruct the particular switching office to obtain and conversation. However, the actual signals exchanged 
forward additional information. Once sufficient information between two such terminal devices go through the public 
has reached the ISCP 120, the ISCP 120 accesses its stored packet data network 48 and the appropriate access server 50. 
data tables and or data in external databases to translate the in this manner the appropriately equipped PCs in the busi- 
received data into a call control message and returns the call ness estabUshment 10 may communicate by telephone with 
control message to the switching office via the STP 116 and distant similarly equipped PCs (not shown). Typically, such 
the appropriate CCIS links. The switching office HO uses 45 communications at least bypass long distance interexchange 
the call control message to complete the particular call carriers. If both communicating PCs connect to the Internet 
through the public switched network in the manner specified via a LAN or other data network, the audio communications 
by the subscriber's data file in the ISCP 120. may not utilize any public telephone network. On the other 

Referring to FIG. 1, the business establishment termina- hand, individual residence premised PC users usually rely 
tions of the lines or trunks 14 and 16 are connected to PBXs 50 on dial-up connection to an ISP connected to the PSTN, 

or PABXs 26 and 28 at the sites A and B, respectively. These The public packet data network or Internet 48 also con- 

PBXs serve the internal telephone stations 30A, B, and C, nects to a number of PSTN gateways or servers in different 

and 32A, B, and C, respectively to provide both internal and service areas. Thus a PSTN gateway 54 connects to one or 

external telephone service to the sites A and B. Each PBX is ^ore central offices 56 of the public switched telephone 
provided with an attendants station 34 and 36. 55 network in the region where the gateway 54 is located. In 

The sites A and B (and any other sites in the business similar fashion one or more ISP gateways 58 is shown 

establishment) are also connected by a local area network connected from an Internet router (not shown) in the Internet 

LAN 38. The LAN 38 is connected to the respective PBXs 48 to one or more central offices 60 in the PSTN 12. Calls 

through LAN interface cards or units 40 and 42, The LAN through the network to and from such gateways typically 
cards provide a two-way data interface compatible with the 60 bypass long distance interexchange carriers and may utilize 

particular LAN 38, for example a 10 baseT Ethernet LAN. a data network connection to a PC at one end of the call, as 

The LAN card transmits and receives addressable messages in the example of the PCs in the business establishment 10. 

over the LAN 38 for communication with other devices on The PCs having voice communication capabihties may send 

the LAN. The addressing conforms to the media access and receive telephone calls via the public switched tele- 
control (MAC) functionality of the particular LAN protocol. 65 phone network 12 and one of the gateways 54 and 58 to 

FIG, 1 shows the LAN also connected to PCs or work persons using standard telephones 62A, B, and C connected 

stations 44A and B, and 46A and B, respectively. The to an end office CO in the PSTN 12. 
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Such gateways as 54 and 58 will connect to the CO, 
typically utilizing one or more primary rate interface (PRI) 
type integrated services digital network (ISDN) line groups 
or a combination of one or more Tl circuits and a Simplified 
Message Desk Interface (SMDI) type signaling circuit. The 
line circuits provide digital line interconnections of the 
gateway to the central office. The D channel of the PRI or the 
SMDI link carries a variety signaling back and forth 
between the PSTN gateway arid the CO. For example, on an 
incoming call from one of the COs 56 or 60, to one of the 
gateways 54 or 58, the signaling would include the calling 
party number and dialed destination digits. 

The PSTN gateway 54 includes one or more computers 
for processing individual calls. The computers include 
appropriate line interfaces for answering incoming calls and 
initiating outgoing calls over the particular type of line 
circuits. The interfaces also receive and decode standard 
signaling messages from the PSTN, e.g. DTMF dialing 
signals and/or D channel ISDN signaling. The interfaces 
also detect line status and call progress signals on incoming 
and outgoing calls, either as in-band tone signals or as D 
channel messages. Each of die computers in the gateway 54 
runs software to compress incoming audio signals from the 
PSTN in a standardized format and decompress digital audio 
signals in that format received via the public packet data 
network or Internet 48, for transmission over the PSTN. The 
computer(s) also perform the two-way protocol processing 
to send and receive compressed, digitized voice data in 
TCP/IP packet form over the network 48. Copending com- 
monly assigned application Ser. No. 08/634,543 filed Apr. 
18, 1996 describes several implementations of "Internet 
Modules'' which may serve as alternate embodiments of the 
PSTN gateways 54 and 58. 

Communications via the public packet data network or 
Internet 48, utilize IP protocol addressing. It may be helpful 
in understanding later discussed call processing examples to 
take a moment here to review the fundamentals of IP 
addressing. Each IP address comprises a series of four 
numbers separated by dots. An example of an IP address 
would be 164.109.211.237. Each machine on the Internet 
has a unique number permanently or temporarily assigned to 
it which constitutes one of these four numbers. In the IP 
address, the leftmost number has the greatest weight. By 
analogy this would correspond to the ZIP code in a mailing 
address. At times the first two numbers constitute this 
portion of the address indicating a network or a locale. That 
network is connected to the last router in the transport path. 
In differentiating between two computers in the same des- 
tination network only the last number field changes. In such 
an example the next number field 211 identifies the desti- 
nation router. 

When a packet bearing a destination address leaves a 
source router, the router examines the first two numbers in 
a matrix table to determine how many hops are the minimum 
to gel to the destination. It then sends the packet to the next 
router as determined from that table, and the procedure is 
repeated. Each router has a database table that finds the 
information automatically. This continues until the packet 
arrives at the destination computer. The separate packets that 
constitute a message may not travel the same path depending 
on traffic load. However, they all reach the same destination 
and are assembled in their original order in a connectionless 
fashion. This is in contrast to connection oriented routing 
modes, such as frame relay and asynchronous transfer mode 
(ATM) or voice. 

It would be difificult for most people to remember the four 
separate numbers (sometimes having ten or more digits) 


comprising each numeric IP address. In addition numeric IP 
addresses occasionaUy change or some systems temporarily 
assign IP addresses to active devices, making it even more 
of a problem for people to keep track of them. To facilitate 
S person to person communications, however, people can 
address each other using easier to remember names. In 
relation to the present invention these names are preferably 
textual domain names or telephone number based domain 
names. A domain name server (DNS) system 51 translates 
10 the names into actual IP addresses. 

An example of a textual Domain Name is 
BUBMI@HUTMB.COM. Each of the names separated by 
a dot is called a domain. The significance of each of the 
domains is the reverse of that of the numeric IP address. In 
35 the numeric IP address, the most significant numbers were 
on the left and the least significant on the right. The textual 
Domain Name System begins with the least significant on 
the left and proceeds to the most significant on the right. An 
example of a telephone number based Domain Name is 
"301-608-2908@phone". 

The top-level domains, those of the most general 
significance, are as follows: 

1. COM — ^A commercial operation. 

2. EDU — A university, college or other educational insti- 
tution. 

3. GOV — A government organization. 

4. MIL — A military site. 

5. ORG — ^Any organization that does not fit into any of 
the preceding. 

6. NET — ^A network. 

There are now two-letter domains, each denoting a dif- 
ferent country, which are atop the above original domain 
names. An address ending in "COM.AU,** for example, 
would be a commercial operation in Australia. Over a 
hundred different countries are now connected to the Inter- 
net so the list of two -letter country codes is long and getting 
longer. Computers or servers associated with the Internet 
convert textual domain names into numeric IP addresses. 

In the example illustrated in FIG. 1, the domain name 
server 52 translates domain names into numeric IP addresses 
in response to requests from calling terminals. FIG. 1 depicts 
a single domain name server 52, and the discussion herein 
concentrates on a single server implementation for ease of 
explanation. In an actual, large scale deployment, the 
domain name server system would comprise a number of 
server systems 52 in a hierarchical arrangement. Each 
domain name server 52 would serve a region or segment of 
the public packet data network 48 and would provide 
translations and processing of names corresponding to 
addresses residing within the segment served. Any computer 
or PC on the segment requesting translation would first 
query the domain name server system 52 serving that 
segment. If the domain name was not one associated with 
the server, the domain name server 52 would communicate 
through the hierarchy of such servers to relay the query to 
the appropriate server for processing; and after processing, 
that server would provide the destination address and any 
associated information in the reply back to the querying 
60 device. Also, each domain name server 52 in a given area 
could be duplicated, for redundancy. 

There is now described a typical Internet telephone call 
from an outside telephone to the internal telephone of an 
employee of the business establishment 10. 
65 An external caller at telephone 62 A in a distant city has 
been invited by an employee of the business * establishment 
10 to call him using the Internet telephony capability that the 
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business provides. The external caller has been further told The access gateway 66 responds to this connection by 

by the employee that in order to complete an Internet requesting that the end office CO 64 (or the IP) send to the 

telephone call to him at his desk from a telephone connected caller a prerecorded prompt to send the telephone DID 

to the PSTN, she is to dial the prefix WW which has been number of the party (or terminal) that the caller is attempting 

established by the PSTN as a prefix to be used to dial an 5 lo reach. This is accomplished either by DTMF signaling or 

Internet call. voice and the voice recognition capability in the IntcUi- 

The potential caUer has been additionally instructed to use g^nt Peripheral (IP) platform in the PSTN. The caller sends 

that prefix and the number INT-123-4567 as a number which requested number to the access gateway 66 via the PSTN 

will establish a connection through the Internet to the access and the Internet 48. The access gateway 66 also receives 

gateway 66 of the business establishment 10- The SSPs ^.^ ^^jg jp ^. ^^^^ ^^^^^^ 

associated with the end office switches in the PSTN 12 have ^ u- u u t.* • j r a^h n it^ 

originating triggers set for that number. When the number f^^^ y; "^.^ obtained from ANI or caller ID 

INT-123-4567 is dialed, the trigger in the originating (^J ^^^^^^^ ^^^^^S party) The access gateway 66 

CO/SSP 64 suspends the call and sends a TCAP query thereupon commences its security function as is now 

message via one or more STPs to the ISCP. The ISCP explamed. ^ ^ , . 

consults a database of translations for Internet calls and ^5 The system and methodology just descnbed has resulted 
ascertains that the number INT-123-4567 identifies the in the initiation of two security measures to this point in the 
access gateway 66, and that the domain name of that procedure. Thus the employee first disclosed his DID 
gateway is '703- 123-4 567@phone*. The database of trans- number, and second, the employee disclosed either the 
lations of INT prefixed telephone numbers to Internet Internet number INT-123-4567 and/or the domain name 
domain names may be maintained either in the ISCP or the 20 '703-1 23-4567@phone' for the access gateway to the busi- 
IP. ness establishment. These numbers have been used to con- 
As an alternative to the foregoing procedure, the nect to the access gateway 66 and the DID number has been 
employee may instruct the potential caller to use the 'INT* presented to the access gateway 66. 
prefix and then to follow the instructions which will be The architecture and operation of the access gateway 66 
provided by voice prompt. According to this embodiment 25 is now described, 

the employee also divulges to the potential caller the domain As shown in simplified form in FIG. 6, the access gateway 
name of the access gateway 66, namely, '703-123- 66 comprises a LAN server and router 55 interfacing 
45 67 @phone'. According to this variant procedure the ISCP, between the LAN and the Intemet. The access gateway also 
in response to the prefix 'INT', would set up a voice includes an address or security server 51. These two servers 
recognition session using the voice recognition capabilities 30 may have a common central processing unit (CPU), if 
of the IP. The IP may be signaled by the ISCP to initiate such desired. The address server 51 also includes a data storage 
a session with the caller, system 53 wherein there is stored a series of databases. This 
The IP thereupon transmits lo the caller via a voice link data storage system may be either associated with or 
between the IP and the SSP/CO to which the caller is included in the server 51, As discussed more below, the 
connected, a voice prompt requesting the caller to spell the 35 databases include look-up tables for authentication of and/or 
domain name of the destination desired. The caller complies translations of names or numbers, and routing control 
with this request and the domain name '703-123- records for conditional as well as parallel processing of 
4567@phone' is temporarily stored by the IP. The IP or the requests for communication via the access gateway. 
ISCP thereupon sends the domain name via the CCIS FIG. 7 provides a simplified illustration of an example of 
network in the PSTN 12 to the end office CO 56 with 40 one possible organization of the software for the address 
instructions to establish a link to the access gateway 66 server 51, for implementing the security operations in 
which that domain name identifies. As an alternative to this accord with the present invention. The computer of the 
transmission of the domain name to the CO 56, the ISCP address server runs a standard operating system 71, such as 
could direct that a voice link from CO 64 lo CO 56 be UNIX. The operating system facilitates execution of one or 
established at the outset, whereby the domain name is 45 more applications. One of the applications that will run on 
delivered from the IP via the voice link. the computer of the address server 51 is an address process- 
In its search the ISCP (or the IP) has further ascertained ing application 73. The address processing application 73 
from its database routing tables that the Intemet gateway 54 includes executable code facilitating the actual processing, 
of the PSTN may be used to contact the access gateway 66 The executable code permits access to translation tables 77 
via a no -toll routing through the PSTN to the end office CO 50 and routing control records (RCRs) 81 stored in a database 
56. within the storage system portion of the address server 51. 

The availability of a dial-up connection from CO 56 lo a Hie executable code of application 73 also triggers several 
line to the PSTN Internet gateway 54 is next established via communication routines 75, 79 and 83. 
the CCIS network. Assuming that the CCIS query shows that More specifically, when the computer of the address 
a line is available, connection is then made between the end 55 server 51 receives a '^query"* or request for translation or 
offices 64 and 5(5, and from end office 56 to the PSTN database look-up, the operating system 71 passes the request 
Internet gateway 54, The end office CO 56 thereupon sends from the LAN server and router interface 55, to the com- 
the domain name of the PSTN Intemet gateway 54. The munication routine 75 of the application 73 running in the 
gateway 54 in turn sends the domain name to the domain server 51. The communication routine extracts the appro - 
name server or DNS 52 with a request for a domain name to 60 priate information from the query message, such as the 
IP address translation. The DNS 52 establishes the proper address or number of the requesting terminal device and the 
translation from its database (or a related hierarchical designation that the terminal device has identified for trans- 
database), and returns the numerical IP address of the access lation or look-up. 

gateway 66 to the PSTN Intemet gateway 54. The Internet The address or designation processing application 73 can 

gateway or server 54 then uses this IP address and estab- 65 access a number of translation tables. Some of the tables will 

lishes a virtual Internet connection between the access translate addresses, numbers, or designations into immediate 

gateway 66 and the CO 64. connect commands from the server 51 to the LAN server and 
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router 55. One type of designation which would require 
access to this type of table is a DID number for a called party 
in the business establishment, for which the lowest level of 
security has been set. Other tables will translate designations 
such as DID numbers into identification of supplemental s 
tables to be used to effectuate a higher security level. Such 
supplemental tables would contain additional requirements 
to be satisfied before a connect command is sent from the 
server 51 to the LAN server and router 55. One example of 
such an additional table would be a table of telephone lo 
numbers of authorized calling terminals for the particular 
DID number which is being called. Only after verification 
that the calling number is authorized would a connect 
command be sent from the server 51 to the LAN server and 
router 55. 15 

Certain translations will involve conditional analysis pro- 
cessing for at least some called numbers or addresses. In 
such a case the result of the translation will be to call up a 
communication routine 79 for transmission of a reply mes- 
sage to the calling terminal device that requested the trans- ao 
lation or look-up processing. The application 73 also pro- 
vides the address of that terminal device to the reply 
transmission routine 79. In response, the routine 79 will 
formulate an IP reply message containing the querying 
terminal device address as the destination address and 25 
containing the IP address produced by the translation pro- 
cess as message data. The reply transmission routine 79 
forwards the message through operating system 71 and the 
IP interface (LAN server and router) for transmission 
through the public packet data network 48 to the requesting 30 
terminal device. The requesting terminal device then 
responds using the provided IP address as a destination 
address and the response is again processed for authentica- 
tion by comparison with the content of the appropriate 
tables. The required response may be a PIN number, a name, 35 
a password, or the like. This routine may be repeated to any 
desired number of stages depending upon the degree of 
security desired for the called terminal on a called terminal 
by terminal basis. Upon satisfying all of the indicated 
requirements, the connect command is sent to the LAN 40 
server and router to initiate the desired communication. 

Parlies (terminals) for whom such additional or condi- 
tional processing is established will store a routing control 
record (RCR) 81. For each calling terminal associated with 
such a called terminal, the translation tables 77 will store a 45 
pointer pointing to the routing control record (RCR) 81 that 
controls that called party's routing service to his or her 
called terminal in the business establishment. In operation, 
the address processing application 73 will receive a query in 
the manner discussed above. However, when the application 50 
accesses the translation table with the designation associated 
with a called party (terminal) having conditional analysis 
based service, the translation will return a pointer identify- 
ing the controlling RCR. The addressing processing appli- 
cation 73 then executes a conditional analysis routine uti- 55 
lizing the identified RCR 81. The conditional analyses 
defined by the RCRs vary considerably, depending on the 
customized routing service selected for each of the terminals 
in the business establishment. Several simple examples are 
described for convenience. 60 

In one exemplary form, the RCR specifies a set of 
conditions or criteria and two or more alternate destinations, 
depending on which criteria are satisfied by the current call 
or translation request query. For example, the RCR may 
specify alternate destination addresses for different times, or 65 
for different addresses of calling terminal that placed the caU 
and thereby requested the translation. In these cases, the 
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address processing application 73 compares call or query 
related parameters to the criteria in the RCR 81 and obtains 
the destination address and processing procedure corre- 
sponding to the parameters of the current call or translation 
query. Here, the address may be an IP address, a MAC 
address, a telephone or terminal number, other routing 
information (e.g., telephone number) or a combination of an 
address plus some other routing information. 

The address or designation processing application 73 will 
supply the result from the RCR processing (address and/or 
other routing information) to the communication routine 79. 
The transmission reply routine transmits a reply message to 
the terminal device that requested the translation, in the 
maimer discussed above. However, in this case, the reply 
message contains the IP address and/or other routing infor- 
mation obtained from the RCR processing. The requesting 
terminal device initiates the desired communication in the 
normal manner but using the address information and sat- 
isfying the protection routine obtained as a result of the 
conditional analysis. In this manner, the communication 
ultimately goes to the destination selected by the called party 
who established the customized routing service and the 
corresponding RCR in the domain name server 51. 

The conditional processing by the address server 51 will 
support a wide array of selective routing services, such as 
routing to different destinations at different times, routing to 
an alternate destination if a primary destination is inactive, 
follow-me type service, etc. The procedure permits a com- 
pany using the system to require callers to create a desig- 
nated voice recognition template in order to qualify for 
subsequent use of the Internet telephony connection which 
is offered. The methodology also may be programmed to 
flag and initiate fraud investigations. 

In the embodiment of the invention shown in FIG. 1 using 
PBX distribution, satisfaction of the security procedures is 
followed by connect command and the DID telephone 
number of the called party is then transmitted via the access 
gateway 66 to the PBX. The PBX uses the telephone number 
to ring the desk of the called employee and, if the employee 
goes off-hook, the call is completed from the calling to the 
called party through the Internet. In the alternate embodi- 
ment such as illustrated in FIG. 8 the address which is 
delivered to effect the connection would be the LAN address 
for the called terminal. 

It will be readily seen by one of ordinary skill in the art 
that the present invention fulfills all of the objects set forth 
above. After reading the foregoing specification, one of 
ordinary skill will be able to effect various changes, substi- 
tutions of equivalents and various other aspects of the 
invention as broadly disclosed herein. It is therefore 
intended that the protection granted hereon be limited only 
by the definition contained in the appended claims and 
equivalents thereof. 
What is claimed is: 

1. A method of telephony communication via a public 
packet switched data network from a first terminal to a 
second terminal connected to a local area network compris- 
ing the steps of: 

a) initiating from said first terminal a first address signal; 

b) translating said first address signal to a second address 
signal lo effect a link to a first interface to said public 
data switched network; 

c) establishing a virtual link through said public data 
switched network to a second interface to said public 
data switched network; 

d) establishing a packet data link from said second 
interface to said public data switched network to an 
access gateway to said local area network; 
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e) transmitting from said second interface to said public 
packet switched data network to said access gateway a 
designation including information initiated by said first 
terminal, which information includes identification of 
said second terminal; 5 

f) comparing the information provided by said first ter- 
mintil with a storage of information maintained by said 
access gateway which includes information relating to 
said second terminal; 

g) upon establishing a match between at least certain of 
said information provided by said first terminal and 
information stored in said storage relating to said 
second terminal, linking said first terminal to said 
second terminal through said public packet switched 
data network and said access gateway and said local 
area network for interactive voice telephony commu- 
nication between said first and second stations. 

2. A method according to claim 1 wherein said first and 
second terminals are telephone terminals. 

3. A method according to claim 2 including the step of 20 
connecting said local area network to said second terminal 
through a private branch exchange switching system. 

4. A method according to claim 2 including the step of 
connecting said second terminal direct to said local area 
network. 25 

5. A method according to claim 1 including the step of 
connecting said first terminal to said first interface of said 
public data switched network through a switched telephone 
network. 

6. A method according to claim 1 including the step of 33 
connecting said first terminal to said first interface of said 
public data switched network through a switched telephone 
network and a telephony to packet data server connected to 
said first interface to said public packet switched data 
network. 35 

7. A method according to claim 6 wherein said public 
packet switched data network is the Internet, and said first 
and second terminals are telephone terminals, and said 
information initiated by said first terminal includes identi- 
fication of the domain name of said access gateway. 

8. A method according to claim 7 including the step of 
identifying said domain name in said information initiated 
by said first station through voice recognition. 

9. A method according to claim 6 wherein said public 
packet switched data network comprises the Internet, and 45 
said first and second terminals are telephone terminals, and 
said information initiated by said first terminal includes 
identification of the domain name of said access gateway 
and a direct inward dial number for said second terminal. 

10. A method of telephony communication via a public 
packet switched data network from a first telephone terminal 
connected to a public switched telecommunications network 
to a second telephone terminal connected to a local area 
network connected to a plurality of telephone terminals for 
interactive voice providing voice communication 55 
therebetween, said local area network being connected to an 
access gateway comprising the steps of: 

a) dialing from said first terminal a predetermined desig- 
nation for said access gateway to attempt to establish a 
telephony link with said second telephone terminal; 

b) responsive to said dialing of said predetermined des- 
ignation establishing a link from said public switched 
telecommunications network to a telephony to packet 
data server and from said data server to a first interface 

to said public packet switched data network; 65 

c) establishing a link from said first interface to said 
public packet data switched network through said net- 
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work to a second interface to said public packet data 
switched network and from said second interface to 
said access gateway; 

d) pre-storing in data storage in said access gateway tables 
of access data and processing routines; 

e) receiving at said access gateway data provided by said 
first telephone terminal including an address identify- 
ing said second telephone terminal; 

f) comparing said data provided by said first telephone 
terminal with data in said access gateway tables using 
at least one of said processing routines; and 

g) upon identifying a match between at least certain of 
said data provided by said first telephone terminal with 
said pre-stored data, processing said attempt to estab- 
lish a telephony link with said second telephone ter- 
minal by establishing a link from said access gateway 
through said local area network to one of said plurality 
of telephone terminals connected to said local area 
network, the identity of said one of said plurality of 
terminals depending upon the outcome of processing 
indicated by the correspondence of data provided by 
said first telephone station with data pre-stored in said 
storage and conditions established in said processing 
routines. 

11. A method according to claim 10 wherein said public 
packet switched data network comprises the Internet. 

12. A method according to claim 11 including obtaining 
said information from said first telephone terminal by inter- 
active voice prompt and voice recognition dialog. 

13. A method according to claim 12 wherein said infor- 
mation includes identification of an address for said access 
gateway. 

14. A method according to claim 13 wherein said infor- 
mation also includes a direct inward dial number for said 
second telephone terminal. 

15. A method according to claim 13 wherein said identi- 
fication of an address for said access gateway comprises the 
domain name of said access gateway. 

16. A hybrid telephony communication system compris- 
ing: 

a switched telecommunications network including inter- 
connected switching systems serving telephone termi- 
nals and having a separate packet switched control 
network which includes a controller and signal transfer 
points and service switching points associated with said 
switching systems; 

a public packet switched data network having router 
interfaces; 

a packet network server connected between one or more 

of said switching systems and one or more of said 

router interfaces; 
a local area network providing communication between a 

plurality of telephone terminals associated therewith; 
an access gateway connected between said local area 

network and one or more of said router interfaces; and 
security storage associated with said access gateway and 

having stored therein data relating to at least certain of 

said plurality of telephone terminals associated with 

said local area network; 
said access gateway including a processor selectively 

running application routines associated with certain of 

said plurality of terminals and said data stored in said 

security storage, wherein; 

a caller using one of said telephone terminals served by 
said switching systems establishes telephonic com- 
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munication with one of said plurality of terminals suspension of the call, accessing said controller, signaling 

associated with said local area network by a link between said controller and said intelligent peripheral 

through said telecommunications network and said platform, and voice communication between said intelligent 

packet network server and said public packet peripheral platform and said caller. 

switched data network and said access gateway and 5 20. A communication system according to claim 19 

said local area network after inputting information wherein said public packet switched data network comprises 

corresponding to data in said security storage and the Internet. 

satisfying criteria imposed by said processor running 21. A communication system according to claim 16 
an application routine associated with the telephone including a private branch exchange switching system con- 
terminal with which said caller using one of said lO nectingsaidplurality of terminals to said local area network, 
telephone terminals served by said switching sys- 22. A communication system according to claim 21 
terns establishes telephonic communication. including a separate connection of said private branch 

17. A communication system according to claim 16 exchange switching system to one of said switching systems 
including an intelligent peripheral platform associated with in said switched telecommunications network. 

said control network and having voice prompt and voice 15 23. A communication system according to claim 22 

recognition capability, said intelligent peripheral platform including computers connected to said local area network, 

obtaining at least certain of said information inputted by said and a local area network to packet switched data network 

caller using one of said telephone terminals served by said server connected between said local area network and one or 

switching systems. more of said router interfaces to said packet switched data 

18. A communication system according to claim 17 20 network. 

wherein said intelligent peripheral platform is connected to 24. A communication system according to claim 23 

said controller via a data link. wherein said local area network to packet switched data 

19. A communication system according to claim 18 network server blocks telephony communication signals, 
wherein said telephonic communication which is established 

is initiated by said caller dialing a number which causes ♦ ♦ * * * 
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